{"data":{"id":"152eb38c-4b41-49aa-9f41-791699855ee9","title":"GHSA-5f53-522j-j454: Flowise Missing Authentication on NVIDIA NIM Endpoints","summary":"Flowise incorrectly whitelisted the NVIDIA NIM router (`/api/v1/nvidia-nim/*`) in its authentication middleware, allowing anyone to access sensitive endpoints without logging in. This lets attackers steal NVIDIA API tokens, manipulate Docker containers, and cause denial of service attacks without needing valid credentials.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-5f53-522j-j454","publishedAt":"2026-03-06T22:21:38.000Z","cveId":"CVE-2026-30824","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":["flowise@<= 3.0.12 (fixed: 3.0.13)"],"affectedVendors":["NVIDIA"],"affectedVendorsRaw":["Flowise","NVIDIA NIM"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.0002,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}